Hmmm, first of all (and maybe you've done this) you need to alias the jail's
IP on your network card. Secondly, make sure that "net.inet.ip.fw.one_pass" is
set to 1 (the default). Otherwise diverted packets will continue down the
firewall after the divert rule.

Lastly, I would check that the packets are in fact getting NAT'd in. It may
be the out that's the problem. I think in addition to the redirect_tcp you
also have to do a proper NAT thing. In my understanding, redirections open
holes to let stuff in, but for the packets to get back out proper NATting is
required. OTOH, most of my experience is with ipnat, so I'm not sure here.
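As an added example that is not part of the original post: the pieces the reply describes (alias the jail's address on the NIC, check one_pass, a natd redirect plus proper NAT for the return traffic, and an ipfw divert rule placed before the rule that admits the port) written out as one sh script. The interface em0, the jail address 192.0.2.5, the port 8080 and the NATD_CONF override are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal FreeBSD ipfw + natd
# setup for exposing a TCP service running in a jail whose address is
# aliased on the host's external interface. EXT_IF, JAIL_IP (an RFC 5737
# documentation address), PORT and NATD_CONF are hypothetical defaults.

EXT_IF="${EXT_IF:-em0}"
JAIL_IP="${JAIL_IP:-192.0.2.5}"
PORT="${PORT:-8080}"

# natd.conf: redirect_port opens the inbound hole; "interface" plus
# "dynamic" make natd translate outbound traffic as well, so replies from
# the jail leave with the host's address instead of the jail's.
natd_conf() {
    cat <<EOF
interface ${EXT_IF}
dynamic yes
redirect_port tcp ${JAIL_IP}:${PORT} ${PORT}
EOF
}

# ipfw ruleset. The divert rule has to come before any rule that could drop
# the inbound packet; natd re-injects the translated packet, which is then
# matched against the rules after the divert.
ipfw_rules() {
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 divert natd ip from any to any via ${EXT_IF}
ipfw add 300 allow tcp from any to ${JAIL_IP} ${PORT} in via ${EXT_IF} setup
ipfw add 400 allow tcp from any to any established
ipfw add 500 allow ip from any to any out via ${EXT_IF}
ipfw add 65000 deny ip from any to any
EOF
}

# Sanity check on the generated ruleset: the divert rule number must be lower
# than the rule that admits the jail's port. Otherwise the inbound packet is
# still addressed to the host when the allow rule is evaluated and never
# matches. Prints both numbers; returns 0 when the order is right.
divert_precedes_allow() {
    divert_no=$(ipfw_rules | awk '/ divert natd /{print $3; exit}')
    allow_no=$(ipfw_rules | awk -v ip="$JAIL_IP" -v p="$PORT" \
        'index($0, "allow tcp from any to " ip " " p " in") {print $3; exit}')
    echo "divert=${divert_no} allow=${allow_no}"
    [ -n "$divert_no" ] && [ -n "$allow_no" ] && [ "$divert_no" -lt "$allow_no" ]
}

# Apply on the host. Needs root on FreeBSD; it is never run just by sourcing
# this file, so the generator functions above can be inspected anywhere.
apply_host() {
    [ "$(uname -s)" = "FreeBSD" ] || { echo "apply_host: FreeBSD only" >&2; return 1; }
    divert_precedes_allow >/dev/null || return 1
    conf="${NATD_CONF:-/etc/natd.conf}"
    ifconfig "$EXT_IF" inet "$JAIL_IP" netmask 255.255.255.255 alias
    sysctl net.inet.ip.fw.one_pass=1
    natd_conf > "$conf"
    natd -f "$conf"
    ipfw_rules | sh
}
```

natd_conf and ipfw_rules only print what would be applied, which is what you want to paste into a reply when asking why the redirect does not work; apply_host is the only function that touches the system, and it refuses to run outside FreeBSD.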
